Dozens of U.S. federal agencies from the Department of Defense to law enforcement to intelligence entrust NowSecure to assess the security and privacy of mobile apps, train developers about secure coding, pinpoint risks in the mobile app supply chain and achieve NIAP compliance.

NowSecure Solutions Protect U.S. Federal GovernmentMobile app security software and services help civilian and defense agencies achieve their missions safely.

© 2021 NowSecure Inc. All Rights Reserved.

U.S. AIR FORCE

Cyber Capabilities Center (CCC)Charged with synchronizing enterprise IT capabilities to support warfighters, the Air Force Cyber Capabilities Center acts as a clearinghouse that validates all internally and externally developed applications. The team relies on NowSecure Platform to assess the security and privacy of apps its team develops and determine NIAP compliance to help reach a Continuous ATO. The CCC also uses NowSecure Workstation to deeply examine particularly sensitive or complex apps. In addition, the CCC taps Platform to continuously monitor public apps that are installed on government-furnished and BYOD equipment.

Platform OneThe Platform One DevSecOps factory centralizes application development across the Department of Defense. The group created an iOS app dev environment and integrated NowSecure Platform into its CI/CD pipeline to continuously test mobile apps and accelerate the delivery of high-quality software. NowSecure Platform pinpoints bugs and provides developers with actionable information for fixing them prior to use. Automated, integrated testing enables the Platform One team to achieve Continuous ATO.

“We are excited to partner with experts like NowSecure to bring automated mobile app security testing and NIAP compliance into our BESPIN program. This new capability can help the Air Force, DoD and federal agencies confidently unleash more widespread development and use of mobile apps. From the SBIR award a year ago to shipping product today, we are achieving our goals of moving fast with continuous innovation.”

— Captain Michael Valentin, U.S. Air Force BESPIN Operations & Support Service Manager

DEPARTMENT OF DEFENSE Business and Enterprise Systems Product Innovation (BESPIN)

• NowSecure works with BESPIN under the Small Business Technology Transfer (STTR) program to help build successful future airmen coders. The services team educates mobile app developers about secure mobile app coding techniques and processes through training modules combined with use of NowSecure Platform in the DevSecOps pipeline to identify bugs and provide sample code to remediate them

• NowSecure works with BESPIN under the Small Business Innovation Research (SBIR) contract to deliver services to the mobile software factory to enhance NIAP compliance reporting with NowSecure Platform in its DevSecOps pipeline. Additions include API and Interactive Application Security Testing (IAST) findings.

U.S. DEPARTMENT OF HOMELAND SECURITY

The U.S. Department of Homeland Security AppVet Program shared service enables federal civilian and defense agencies to assess the security and privacy of Android and iOS mobile applications. AppVet uses NowSecure Platform for fast, on-demand testing of apps in the development lifecycle and supply chain. Agencies can use the results to prevent apps that have severe vulnerabilities from being used on government-furnished equipment.

The U.S. Justice Management Division relies on NowSecure Platform to vet mobile apps developed for the agency and public iOS and Android apps used by staff. Full integration with the VMware AirWatch mobile device management (MDM) system enables JMD to deliver actionable intel for approval or denial of any apps deemed too risky for use. Analysts also use NowSecure Workstation to speed pen testing of sensitive apps that require deeper inspection.

The U.S. Marshals Service uses NowSecure Workstation to deeply examine public Apple® App Store® and Google Play™ apps to determine if they’re safe to use. For example, the agency forbids use of apps developed by high-threat nations and apps that raise significant security or privacy concerns. Automating pen testing enables the U.S. Marshals Service application security analysts to reduce risk while achieving a 10x productivity gain.

The U.S. Attorneys leverage NowSecure Platform as part of the initiative to manage and control mobile devices and apps used by employees. In addition to vetting apps used in the supply chain and monitoring them for risk, the agency also assesses the security of custom mobile apps before deployment.

The Federal Bureau of Investigation uses NowSecure Platform to evaluate all mobile applications used by employees and agents for security, privacy and compliance and deliver actionable intel for approval or denial of apps through its VMware AirWatch mobile device management (MDM) system. Application security analysts also use NowSecure Workstation to deeply inspect particularly sensitive apps.

U.S. DEPARTMENT OF JUSTICE

The Department of Energy - Consolidated Nuclear Security manages and operates the Pantex Plant and the Y-12 National Security Complex. The organization fulfils its mission to safeguard critical infrastructure by using NowSecure Platform to assess the security of mobile apps it develops prior to release. The agency also relies on the NowSecure for mobile risk management by continuously monitoring third-party apps used by employees and blocking those that are deemed insecure.

U.S. DEPARTMENT OF ENERGY

INTELLIGENCE COMMUNITY

The National Geospatial-Intelligence Agency Innovative GEOINT Application Provider Program (IGAPP) provides commercially built mobile apps to support warfighters. SAIC relies on NowSecure Platform to quickly assess the security of apps in the DevOps pipeline and ensure NIAP compliance. The program also uses NowSecure Workstation for deep examination of sensitive apps. Both NowSecure solutions help the team save time and resources and get critical apps in the hands of users faster.

All Federal AgenciesPreventing mobile app security incidents is a core requirement of any Continuous Diagnostic and Mitigation (CDM) Program. NowSecure Platform supports CDM by continuously monitoring apps to proactively identify CVEs and correlate app security scores with CVEs for further action in mobile device management systems and reporting via dashboards.

About NowSecureNowSecure offers a comprehensive suite of automated mobile app security and privacy testing solutions, penetration testing and training services to reduce risk. Trusted by many of the world’s most demanding organizations, NowSecure protects millions of app users across banking, insurance, high tech, retail, healthcare, government, IoT and others. As the recognized expert in mobile app security, the company was recently named a mobile security testing leader by IDC, a DevSecOps transformational leader by Gartner, a Deloitte Technology Fast 500 winner and a TAG Distinguished Vendor. Visit NowSecure to discuss strategies for securing the mobile apps that federal government builds and buys.

© 2021 NowSecure Inc. All Rights Reserved.